TECHNOLOGY & TRUST: SCA Jukka Yliuntinen, Global Head of Digital Solutions at Giesecke+Devrient, considers the long and winding road to SCA and the further challenges waiting at ‘journey’s end’ The twisting, turning journey towards Strong Customer Authentication (SCA) has been both challenging and changing, with frequent deadline extensions due to a blend of poor industry readiness and the impact of the COVID-19 pandemic. SCA is an integral part of the revised Payment Services Directive (PSD2), and adds an extra layer of security to electronic payments across the European Economic Area (EEA) and the United Kingdom. Because of the relentless growth of e-commerce and digital payments, as well as the growing sophistication of fraudsters, also fuelled by the pandemic, stronger security is a greater priority than ever.
Under SCA, if payment verification is required, banks must perform additional identity screening using two out of three possible checks. These checks are defined as something the customer knows (knowledge), something the customer has (possession), and something they are (inherence). Although many European countries are now compliant, the UK’s Financial Conduct Authority has further delayed full enforcement of SCA there until 14 March 2022 – the latest of several extensions. Those that are compliant have seen an early and unwelcome side effect of stronger security checks: conversion rates dropping off a cliff as customers experience unacceptable delays. So, even at journey’s end, issues remain, as does the core challenge of ensuring the right balance between friction and security. As global head of digital solutions at Giesecke+Devrient (G+D), Jukka Yliuntinen is part of a company that is no stranger to payment innovations. Yliuntinen describes the business as a ‘very old fintech’ because it has been a payment innovator for almost 170 years, shaping developments from paper notes
and cards through to today’s most advanced digital solutions. When PSD2 was first introduced, in January 2018, the biggest fear, particularly for issuing banks, was how to comply, says Yliuntinen. “User authentication has a profound impact on e-commerce and contactless transactions,” he says. “So, what would PSD2 mean for banks when payments were made in different environments? Whether a customer does online payments, mobile payments or payments at point-of-sale, and pays by card, a wearable or a mobile, the outcome should be the same. It should be a unified and seamless experience for consumers and banks alike.“ But, since 2018, there have been unforeseen roadblocks to SCA, not least because of the massive upheaval caused by the coronavirus and the consequent growth in digital payments. Over the past 18 months, cash usage has become almost non-existent, at least temporarily. Yliuntinen adds that, while most countries to which PSD2 is applicable are already fully compliant, the consistency of how they achieve compliance is another
Nearly there now! 8
ThePaytechMagazine | Issue 10
www.fintechf.com
